From cgenerali at cutter.com Thu Oct 6 10:23:16 2005 From: cgenerali at cutter.com (Cutter IT Journal) Date: Thu Oct 6 12:02:34 2005 Subject: [Authors] Call for Papers: Securing Cyber Space Message-ID: <417-220051046142316839@zoej> CALL FOR PAPERS Cutter IT Journal Larry Clinton, Guest Editor Abstract Submission Date: 17 October 2005 Articles Due: 21 November 2005 SECURING CYBER SPACE: IS IT TIME TO RETHINK OUR STRATEGY? Global efforts to stem the tide of cyber security breaches are an ongoing, uphill battle. Agencies such as Australia's Critical Infrastructure Protection Group, the European Network and Information Security Agency, the Council of European Cybercrime Convention, the US Department of Homeland Security, and the Asia-Pacific Economic Cooperation have set forth policies and initiatives to achieve a significant level of information security within their regions. Despite their continuous efforts, Internet security, or the lack thereof, has become a recurring issue that threatens long-term consumer confidence in information technology and poses a potential threat to our global security. With the annual costs of digital attacks and financial losses rising to the astronomical range (i.e., billions of dollars), what measures should be taken to minimize the impact these cyber breaches will have on the global economy? What practices should private industry implement to address the daily occurrences of spam, spyware, zombie networks, DOS attacks, online extortion, IP theft, viruses, worms, and physical and cyber data breaches? The January 2005 Cutter IT Journal issue invites useful analysis and debate on how to better address the issues of corporate, individual, and national cyber security. TOPICS OF INTEREST MIGHT INCLUDE: * Does the fault of the apparent cyber insecurity lie in immature software, faulty business practices, the core functions and protocols that underlie the Internet, or all of the above? How should we deal with this matrix of issues? * Some technologists claim there is a growing gap between what we already know about cyber security and our deployment of technology to resolve the problem. What can IT professionals do to help narrow that gap? * What could be done to fundamentally redesign the Internet to make it more secure? Is such a process needed or practical? * Are CIOs complicit in the growing cyber security problem by failing to make the issue a priority? What can be done to increase the profile of cyber security with both CIOs and senior management? * Cyber security spans national borders; is there a practical way to achieve broad cyber security given the diversity of the issue? Is the nation-state model out of date for managing the problems of Internet security? * Does the nontraditional security threat stemming from a cyber attack require an equally nontraditional response from government and the private sector working together as security actors? * Does the key to sustained cyber security lie in new technology or business practices? * Is there really an ROI for cyber security? And if so, how do you measure it? * Is greater regulation of private entities needed to assure better cyber security, and if so, how can government agencies craft regulations that will address the dynamic and international nature of the problem? * What successful corporate models can be adapted for more generalized uses? * Would an incentive program consisting of tax breaks, liability reform, and/or corporate recognition yield better cyber security? * Why has the cyber insurance market not provided more incentives for better cyber hygiene? * What can Hurricane Katrina tell us about the need for robust data redundancy and security measures? * Do existing industry bodies provide appropriate models for managing this problem? * Is there a software fix? * Would increased liability on software providers, or major users, yield better results? What would be the downside repercussions? TO SUBMIT AN ARTICLE IDEA Please respond to Larry Clinton (lclinton@isalliance.org) with a copy to itjournal@cutter.com by 17 October 2005 and include an extended abstract and an article outline. ARTICLE DEADLINE Articles are due on 21 November 2005. EDITORIAL GUIDELINES Most Cutter IT Journal articles are approximately 2,500-3,500 words long, plus whatever graphics are appropriate. If you have any other questions, please do not hesitate to contact CITJ’s managing editor Karen Pasley (kpasley@cutter.com) or the Guest Editor, Larry Clinton (lclinton@isalliance.org). Editorial guidelines are available at http://www.cutter.com/itjournal/edguide.html AUDIENCE Typical readers of Cutter IT Journal range from CIOs and vice presidents of software organizations to IT managers, directors, project leaders, and very senior technical staff. Most work in fairly large organizations: Fortune 500 IT shops, large computer vendors (IBM, HP, etc.), and government agencies. 48% of our readership is outside of the US (15% from Canada, 14% Europe, 5% Australia/NZ, 14% elsewhere). Please avoid introductory-level, tutorial coverage of a topic. Assume you're writing for someone who has been in the industry for 10 to 20 years, is very busy, and very impatient. Assume he or she will be asking, "What's the point? What do I do with this information?" Apply the "So what?" test to everything you write. PROMOTIONAL OPPORTUNITIES We are pleased to offer Journal authors a year's complimentary subscription and 10 copies of the issue in which they are published. In addition, we occasionally pull excerpts, along with the author's bio, to include in our weekly Cutter Edge e-mail bulletin, which reaches another 8,000 readers. We'd also be pleased to quote you, or passages from your article, in Cutter press releases. If you plan to be speaking at industry conferences, we can arrange to make copies of your article or the entire issue available for attendees of those speaking engagements -- furthering your own promotional efforts. ABOUT CUTTER IT JOURNAL No other journal brings together so many cutting-edge thinkers, and lets them speak so bluntly and frankly. We strive to maintain the Journal's reputation as the "Harvard Business Review of IT." Our goal is to present well-grounded opinion (based on real, accountable experiences), research, and animated debate about each topic the Journal explores. FEEL FREE TO FORWARD THIS CALL FOR PAPERS TO ANYONE WHO MIGHT HAVE AN APPROPRIATE SUBMISSION.